SonicWALL Global VPN Client Remote Format String Vulnerability - exploit.company
vendor: Global VPN Client
by: Unknown
CVSS: 7.5 HIGH
Remote Format String
CWE: Unknown
Product Name: Global VPN Client
Affected Version From: Versions prior to SonicWALL Global VPN Client 4.0.0.830
Affected Version To:
Patch Exists: YES
Related CWE: Unknown
CPE: a:sonicwall:global_vpn_client
Metasploit:
Other Scripts:
Platforms Tested: Unknown

SonicWALL Global VPN Client Remote Format String Vulnerability

The SonicWALL Global VPN Client is prone to a remote format-string vulnerability. This vulnerability occurs when user-supplied input is not properly sanitized before being passed as the format specifier to a formatted-printing function. Successful exploitation of this vulnerability allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions.

Mitigation:

Update to SonicWALL Global VPN Client version 4.0.0.830 or later.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/26689/info

SonicWALL Global VPN Client is prone to a remote format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the application. Failed attempts may cause denial-of-service conditions.

Versions prior to SonicWALL Global VPN Client 4.0.0.830 are affected. 

The following proof of concept was supplied:
<Connection name=> AAAAAAAAAA%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x
<HostName> BBBBBBBBBB%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x.%x
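
The bug class described above, seen from the defensive side. This is an added example, not code from the advisory or from SonicWALL: it shows the hardened call (untrusted text passed only as an argument to a constant format string) and a check that flags printf conversion directives in a profile field before it is used. The function names `has_format_directive` and `format_field` are hypothetical, and the sample field values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns 1 if s contains a printf conversion
 * directive, i.e. a '%' that is not part of a literal "%%" pair. */
int has_format_directive(const char *s)
{
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* "%%" is a literal percent sign */
            s++;
            continue;
        }
        return 1;            /* also catches a trailing lone '%' */
    }
    return 0;
}

/* Hardened formatting: the untrusted field is only ever an argument to a
 * constant format string, so any '%' it contains is copied, not interpreted.
 * The vulnerable pattern would be: snprintf(out, outlen, field);
 * Returns the number of characters snprintf would have written. */
int format_field(char *out, size_t outlen, const char *label, const char *field)
{
    return snprintf(out, outlen, "%s: %s", label, field);
}

int main(void)
{
    /* Constructed sample values for a profile field such as HostName. */
    const char *suspicious = "AAAA%x.%x.%x";
    const char *benign = "vpn.example.com";
    char buf[128];

    format_field(buf, sizeof buf, "HostName", suspicious);
    printf("%s (directive=%d)\n", buf, has_format_directive(suspicious));
    format_field(buf, sizeof buf, "HostName", benign);
    printf("%s (directive=%d)\n", buf, has_format_directive(benign));
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang warn about calls where a non-literal string is used as the format argument.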